New Virobot ransomware will also log keystrokes, add PC to a spam botnet

In addition to encrypting user files, the newly discovered ransomware is a multitasking threat that saves and steals keystrokes and adds infected computers to junk mail botnets.

A new transcript called Virobot is a new kind that has nothing to do with the previous Ransomware Family Tree, according to Trend Micro, a computer security company that a malware analyst found this treatment this week.

But component bilobot transcript seems to be unrelated to other types of transcripts, but its mode of operation is not new in the same way as previous threats.

Also, Ransomware: an executive guide showing one of the biggest threats on the web

The current infection vector seems to be spam (also called malspam). When a user downloads and runs religion software attached to an e-mail document, ransomware works by generating a random encryption and decryption key, which is also sent to the remote server. Control and control.

When this is done, Virobot will display ransom memos on the user's screen as shown below. This memo is written in French, which was strange as Trend Micro researchers targeted ransomware development campaigns clearly to US users.

Bilo robot ransom

Image: Trend Micro

Interestingly, not only is the Vi robot with a French connection that appeared in the last few weeks. At the end of August, security researcher MalwareHunter noticed that the transcript named PyLocky, created to mimic the famous Locky transcript, was very aggressive targeting France .